Commit graph

277 commits

Author SHA1 Message Date
Tom Hughes
5fa0aebe9f Use dynamic error pages built through the asset pipeline
Fixes #1241
2018-08-01 19:13:04 +01:00
Tom Hughes
98de681e47 Update to rails 5.2.0 2018-06-19 00:16:24 +01:00
Tom Hughes
4a6779abf7 Avoid using inline javascript to update message list 2018-05-30 15:30:23 +01:00
Tom Hughes
d82cc08734 Allow CSP to be put in enforcing mode 2018-05-22 08:51:21 +01:00
Tom Hughes
584ac67c10 Configure manifest-src and worker-src in security policy 2018-05-17 19:10:39 +01:00
Tom Hughes
5cd4aeb1aa Preserve schemes in security policy 2018-05-17 19:10:23 +01:00
Tom Hughes
68f7df96d6 Add piwik to allowed URIs in connect-src 2018-05-17 11:33:50 +01:00
Tom Hughes
1f1029cf1a Remove unsafe-inline from default style policy 2018-05-16 20:40:55 +01:00
Tom Hughes
c77c7d015f Default frame-src to self 2018-05-15 14:08:44 +01:00
Tom Hughes
9b82e13d17 Improve formatting 2018-04-18 18:37:18 +01:00
Tom Hughes
7a64ebe982 Merge remote-tracking branch 'upstream/pull/1824' 2018-04-18 18:36:22 +01:00
Andy Allan
17c706291c Move the default_url_options config to the action_mailer initializer
We can't use Rails.application.config here because the initializers
run after ActionMailer::Base has been set up.
2018-04-18 10:53:22 +08:00
Tom Hughes
3da01218b3 Allow trusted addresses for better_errors to be set in the environment 2018-04-15 22:22:43 +01:00
Tom Hughes
1f2ac59d1d Fix new rubocop warnings 2018-03-26 19:00:03 +01:00
Tom Hughes
4e9144fba2 Add support for compressed request bodies 2018-01-24 14:25:02 +00:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Tom Hughes
810c8cf129 Enable cross origin requests for diary RSS feeds
Fixes #1714
2018-01-13 10:41:26 +00:00
Tom Hughes
d987416901 Allow apache to control the HSTS setting 2018-01-11 19:44:20 +00:00
Tom Hughes
b396c8cbe5 Allow apache to control the HSTS setting 2018-01-11 19:20:07 +00:00
Tom Hughes
ce9066797c Monkey patch OAuth to allow http signatures on https requests 2018-01-08 10:50:44 +00:00
Tom Hughes
fd33ff83f3 Use a memory cache for sessions when memcache is not configured
Fixes #1695
2017-12-04 21:20:23 +00:00
Tom Hughes
3c4774a5f7 Allow images to be loaded from piwik 2017-11-23 22:22:01 +00:00
Drew Dara-Abrams
96a00910d5 When no cache store is set use cookie storage for sessions
A change in the default configuration of development environments
in rails 5.1 means that caching is now disabled by default so in
that case fall back to using cookies instead.

Closes #1666
2017-11-02 19:19:03 +00:00
Tom Hughes
18d3392ede Relax cookie security policy 2017-11-01 17:48:35 +00:00
Tom Hughes
f773f67958 Update to rails 5.1.4 2017-10-17 18:49:55 +01:00
Tom Hughes
f02c753cc4 Use send_data for GPX traces instead of monkey patching send_file 2017-10-09 20:38:08 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
e7e85db0c8 Update secure_headers configuration for upstream changes 2017-09-08 16:49:28 +01:00
Tom Hughes
2d80cd12ff Monkey patch oauth-plugin to avoid using deprecated methods 2017-06-27 08:26:44 +01:00
Tom Hughes
81deb35331 Update to rails 5.0.4 2017-06-27 08:26:44 +01:00
Bryan Housel
71d19cebf3 No need to precompile traffico anymore, as it's been removed 2017-06-12 18:36:50 -04:00
Tom Hughes
f8f7054fc2 Move monkey patch modules to the OpenStreetMap namespace
Having them in the OSM namespace risks blocking autoloading
of the lib/osm.rb code by defining the OSM constant.
2017-06-02 16:33:27 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
f940a154f3 Replace alias_method_chain with Module#prepend 2017-06-01 22:45:28 +01:00
Tom Hughes
f412c80d3f Drop monkey patches that are no longer required 2017-06-01 22:42:02 +01:00
Tom Hughes
cdeb95092b Drop hack used for rails 4 upgrade 2017-06-01 22:41:55 +01:00
Tom Hughes
6ee54aff10 Set canonical port based on protocol 2017-03-22 19:28:57 +00:00
Tom Hughes
bf8959cdc2 Add server_protocol configuration option 2017-03-22 18:22:24 +00:00
Tom Hughes
24271b75bd Use canonical-rails gem to generate canonical URLs 2017-03-22 18:16:53 +00:00
Tom Hughes
e35748567c Update HSTS to publish a max-age=0 to disable it 2017-03-03 11:34:39 +00:00
Tom Hughes
ee12eba234 Don't try and modify policy if we don't have one 2017-03-02 10:39:18 +00:00
Tom Hughes
c5ef6404f5 Improve the content security policy 2017-03-01 22:38:24 +00:00
Tom Hughes
8c3d16ecc4 Remove inline javascript from potlatch view 2017-02-28 20:41:22 +00:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
c8671c137a Update rubocop 2017-02-05 11:12:37 +00:00
Tom Hughes
7b3aba29ff Use meta.wikimedia.org for wikimedia authentication 2016-12-21 20:50:15 +00:00
Tom Hughes
69b967c9ff Add support for Wikimedia authentication
Closes #1146
2016-12-20 22:32:25 +00:00
Tom Hughes
c129a8eec5 Simplify monkey patch
The log method has grown new arguments which we weren't passing
on, but fortunately the exception translation is now delegated to
another method so we can patch that instead.
2016-12-02 09:42:05 +00:00
Tom Hughes
282ff4936c Fix rubocop warnings 2016-10-31 21:24:10 +00:00
Tom Hughes
5f4dcd34ff Fix some rubocop warnings 2016-09-15 22:41:07 +01:00